Apologies If I can’t list specific 3rd Android OS here. I know you can’t on some reddit privacy subs due to some beef between devs I guess. I’ll take down if needed :)
Regardless, Ive been running GOS for a while and just found out theres a feature that allows you to use biometrics while still requiring your pin on the initial lock screen. One of my concerns with biometrics is that in some jurisdictions, law enforcement can force someone to open their phone through face ID or thumb print.
I’ve been using this feature that allows you to use biometrics but when you are on the lock screen, it still requires your pin. I thought this was really cool because it allows me to use biometrics only to unlock my apps while still adding an extra layer of protection to the unlocking of the device itself. Obviously slightly Inconvenient depending on your worries/threat level, but I just wanted to share this in case anyone else was interested and didnt know about it! Very cool!
EDIT: I just re-read my screenshot and it looks like fingerprint unlock is not correlated to using fingerprint for app unlocking. If this is the case then I’m not quite sure what the actual benefits are here. Please feel free to clarify!
If you’re concerned about these kind of things, you might want to know about the GrapheneOS duress password. You set a second PIN, called duress PIN/password. If you’re ever forced to type a PIN, you can type this one instead of the real one. It will lock/wipe out the phone within a few seconds. There’s a few youtube videos showcasing this self-destruct mode.
Nice! That’s pretty cool, and law enforcement is a reason I stopped using my fingerprint to unlock my phone. Having an extra layer of security, even if just a technicality in the case of being forced to use my print, is nice.
Related:
Download Wasted (https://f-droid.org/en/packages/me.lucky.wasted/) - You can set your phone to auto-wipe after X amount of time without being unlocked, and also various other triggers for wipe, like creating a fake “Signal” or “Telegram” icons on your homescreen that would trigger a wipe if tapped, or a fake “Airplane mode” tile that would trigger a wipe. Very useful stuff. (Might wanna learn the laws in your jurisdiction tho, could get you in trouble.
There’s also Duress (https://f-droid.org/en/packages/me.lucky.duress/) which doesn’t work on my Samsung, but it worked on a Motorola that I once has. It sets up either a fake pin (aka: duress pin), and the duress pin can also be to just enter X characters, where X is at least 2 chracters more than your real password (example: if your pin is “2025”, all you have to say is any string of 6 characters or more like “123456” and the wipe will happen, very useful since you probably won’t remember a specific duress pin under stress)
Apologies If I can’t list specific 3rd Android OS here. I know you can’t on some reddit privacy subs due to some beef between devs I guess. I’ll take down if needed :)
Wut?
Meaning: what kind of privacy community bans discussion on free and open privacy because of a dev? That’s ridiculous. Exchange of money, sure, but discussion?
Well, from what I understood, in the privacy subreddit people were getting into it over Graphene OS and other privacy android OS’s. During this, I guess the Devs (or dev) we’re very petty or something and causing unnecessary in-fighting. Icould be telling this wrong but its something along those lines… To be clear, i think the actual rule is you cant specifically mention ANY 3rd party android OS, not just Graphene.
Been using it for a while and it’s great.
Next up: auto wipe device after x days of no authentication.
At that point use the duress password with the police
Using the duress password could potentially be charged as destruction of evidence. If you can refuse to enter a password long enough for it to auto wipe before a judge orders you to unlock it you could avoid the danger of legal consequences. No destruction of evidence and no contempt of court.
Most Android versions have this now. Became popular as soon as SCOTUS ruled that police can compel you to unlock your device via biometrics. Enable it. If you think you may be arrested, simply restart your phone and now they need a court order to unlock your phone which means they have to convince a judge with probable cause.
Also put a pin code on your sim card so they can’t clone and use the sim card if you shut your phone off.
The police cannot clone SIM cards or hijack IMEI without a court order, and if they have a court order to do that, then it’s trivial for it to include orders to compel you to unlock your phone/SIM anyways. This doesn’t really protect you.
US specific and not sure for how much longer, but the courts have generally held that you can’t be forced to give up a password to a phone. It’s covered under the 5th (and 4th) amendments. That being said, most stock phones are vulnerable to cellubrite cracks.
Even with this, biometrics could be construed as proof that it is your phone, whereas just a password or pin still has some degree of deniability
True. I didn’t really consider the connection and more of the security side. I’m sure it differs but do you know if proof of ownership make a difference if they catch you with it in possession in the first place?
IANAL, but if used as a burner phone with nothing identifiable on the device itself, you could probably claim you found it on the ground somewhere. You wont get the phone back most likely but that might be better than the alternative
Makes sense. Also wasn’t aware of “IANAL” and was hesitant to google but got it. Thanks lol
This guy anals.
